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(57) Abstract 

The present invention relates to telecommunication systems. The object of the invention is to disclose a method and system for 
secure routing of information and addressing of a service and the parties to the service in a telecommunication system comprising 
a telecommunication terminal (1); a telecommunication network (2); a service provider (SP) connected to the telecommunication 
network (2) a service apparatus (4 connected to the telecommunication network (2); and a communication link (5) provided between 
the telecommunication terminal (1) and the service apparatus (4). In the method, the service apparatus (4) and/or the service 
mediated by it as well as the telecommunication terminal (1) are provided with an unambiguous identifier associated with 
predetermined encryption and/or signing keys. Further, a given service apparatus (4) is addressed by means of the 
telecommunication terminal (1) 'by sensing a predetermined connection setup request from the telecommunication terminal (1) to the 
given service apparatus (4). Further, the service provider's (SP) network address and/or other information relating to the 
selected service is sent from the telecommunication terminal (1) to the service apparatus (4) via the communication link (5). The 
communication link is preferably based on Bluetooth technology. 



(57) Abrege 

La presente invention concerne des systemes de telecommunication et en particulier un procede et un systeme permettant 
I'acheminement sur d'informations et I'acces a un service et aux parties concernees par ce service dans un systeme de 
telecommunications qui comporte un terminal (1) de telecommunications, un reseau (2) de telecommunications, un fournisseur de 
services (SP) connecte au reseau (2) de telecommunications, un appareil (4) de service connecte au reseau (2) de 
telecommunications et une liaison (5) de communication reliant le terminal (1) de telecommunications et I'appareil (4 de 
services Selon ledit procede, I'appareil (4) de service et/ou le service fourni par son intermediate amsi que le terminal (1) 
de telecommunications sont dotes d'un identificateur non ambigu assocte a des ctes predetermines de codage et/ou de signature. 
En outre le terminal (1) de telecommunications s'adresse a un appareil (4) donne de services en envoyant une demande 
d'etablissement de connexion predeterminee a cet appareil (4) de services. De plus, I'adresse de reseau du fournisseur de 
services (SP) et/ou d'autres informations relatives au service choisi sont envoyees depuis le terminal (1) de telecommunications 
a Tappareil (4) de services via la liaison (5) de communication. La liaison de communication est de preference basee sur la 
technologie sans fil _ Bluetooth _. 
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(57) Abstract 

The present invention relates to telecommunication systems. The object of the invention is to disclose a method and system for 
secure routing of information and addressing of a service and the parties to the service in a telecommunication system comprising a 
telecommunication terminal (t): a telecommunication network (2); a service provider (SP) connected to the telecommunication network (2); a 
service apparatus (4 connected to the telecommunication network (2); and a communication link (5) provided between the telecommunication 
terminal (1) and the service apparatus (4). In the method, the service apparatus (4) and/or the service mediated by it as well as the 
telecommunication terminal (1) are provided with an unambiguous identifier associated with predetermined encryption and/or signing keys. 
Further, a given service apparatus (4) is addressed by means of the telecommunication terminal (I) by sensing a predetermined connection 
setup request from the telecommunication terminal (1) to the given service apparatus (4). Further, the service provider's (SP) network 
address and/or other information relating to the selected service is sent from the telecommunication terminal (1) to the service apparatus 
(4) via the communication link (5). The communication link is preferably based on Bluetooth technology.. 



FOR THE PURPOSES OF INFORMATION ONLY 



Codes used to identify States party to the PCT on the front pages of pamphlets publishing international applications under the PCT. 



AL 


Albania 


ES 


Spam 


LS 


Lesotho 


SI 


Slovenia 


AM 


Armenia 


FI 


Finland 


l/T 


Lithuania 


SK 


Slovakia 


AT 


Austria 


FR 




LU 


Luxembourg 


SN 


Senegal 


AU 


Australia 


GA 


Gabon 


LV 


Latvia 


sz 


Swaziland 


AZ 


Azerbaijan 


GD 


United Kingdom 


MC 


Monaco 


TD 


Chad 


BA 


Bosnia and Herzegovina 


GE 


Georgia 


MD 


Republic of Moldova 


TC 


Togo 


BB 


Barbados 
Belgium 


GH 


Ghana 


MG 


Madagascar 


TJ 


Tajikistan 


BE 
BP 


GN 


Ouisea 


MK 


Ihc former Yugoslav 


TM 


Turkmenistan 


Burkina Faao 


GR 


Greece 




Republic of Macedonia 


TR 


Turkey 


BG 


Bulgaria 


HU 


Hungary 


ML 


Mali 


TT 


Trinidad and Tobago 


BJ 


Benin 


IE 


belaud 


MN 


Mongolia 


UA 


Ukraine 


BR 


Brazil 


IL 


Israel 


MR 


Mauritania 


UG 


Uganda 


BY 


Belarus 


IS 


Iceland 


MW 


Malawi 


US 


United States of America 


CA 


Canada 


IT 


Italy 
Japan 


MX 


Mexico 


uz 


Uzbekistan 


CF 


Central African Republic 


JP 


NE 


Niger 


VN 


Vie* Nam 


CG 


Congo 


KE 


Kenya 


NL 


Netherlands 


YU 


Yugoslavia 


CH 


Switzerland 


KG 


Kyrgyutan 


NO 


Norway 


ZW 


Zimbabwe 


CI 


Cote d' I voire 


KP 


Democratic People's 


NZ 


New Zealand 






CM 


Cameroon 




Republic of Korea 


PL 


Poland 






CN 


China 


ICR 


Republic of Korea 


PT 


Portugal 






CU 


Cuba 


KZ 


Kazaksuu 


RO 


Romania 






cz 


Czech Republic 


IX 


Saint Lucia 


RU 


Russian Federation 






DE 


Germany 


u 


Liechtenstein 


SD 


Sudan 






DK 
EE 


Denmark 
Estonia 


LK 
LR 


Sri Lanka 
Liberia 


SE 

5G 


Sweden 
Singapore 







Description 



5 



10 



15 



20 



25 



30 



35 



40 



45 



55 



WO 00/56105 



PCT/FIOO/00223 



Arrangement for secure communication and key 
distribution in a telecommunication system 
FIELD OF THE INVENTION 

The present invention relates to telecommuni- 
cation. In particular, the invention concerns a new 
type of method and system for secure* routing of infor- 
mation and addressing of a service and the parties to 
a service in a telecommunication system. 



BACKGROUND OF THE INVENTION 
10 Mobile stations used in mobile communication 

networks, e.g. the GSM network (GSM, Global System for 
Mobile communications), have considerable advantages 
as compared with wired-network telephones. The great- 
est advantage is naturally mobility. The use of a mo- 
15 bile station is not dependent on location. 

Traditionally, the main purpose of a tele- 
phone subscription and the associated terminal equip- 
ment is to set up and maintain a speech connection. 
The use of a mobile station is not limited to the 
20 transmission of speech; instead, new functions are 
continuously being developed for it. Various services 
based on text messages have become very popular. The 
popularity of data services is also growing, and it 
will grow further as the data transmission speed of 
25 mobile stations is increased. Third-generation mobile 
telephones will be capable of real-time transmission 
of moving images. 

A group of leading telecommunication and in- 
formation technology enterprises have developed a 
30 technique which can be used to establish a wireless 
connection between a mobile station and e.g. a port- 
able computer. This technique is called "Bluetooth" 
and it is based on short-range radio technology, al- 
lowing many types of terminal equipment to be inter- 
35 connected. A more detailed description of this tech- 
nique is presented e.g. on WWW page www . bluet ooth . com . 
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The Bluetooth technology allows the intercon- 
nection of different devices via a short-range radio 
link. Using Bluetooth technology, it is possible e.g. 
to establish a connection between a mobile station and 
5 a portable computer without cumbersome cabling. Print- 
ers, workstations, telefax devices, keyboards and vir- 
tually any digital equipment may form part of a Blue- 
tooth system or network. This technology constitutes a 
universal bridge to existing data networks and periph- 

10 erals and it makes it possible to form small private 
groups via interconnected devices without a fixed net- 
work infrastructure. Moreover, encryption and authen- 
tication can be used between the devices e.g. so that 
only a certain user's mobile station may be used in 

15 connection with a given portable computer. With Blue- 
tooth, it is possible to use a mobile station for the 
control of almost any device. 

As is known, mobile stations can be used to 
carry out various purchase or control transactions. A 

20 purchase transaction may consist of e.g. the selection 
of and payment for a product in various automated ma- 
chines by using a mobile station. The growth of the 
range of services associated with mobile stations in- 
volves a new area. The information to be transmitted 

25 is often of a nature that requires that the informa- 
tion be only accessible to the receiver and the 
sender. It is necessary to provide data security e.g. 
by employing various encryption methods. 

Often the place to which the data regarding a 

30 purchase or control transaction needs to be transmit- 
ted is not located in the vicinity of the actual place 
of performance of the purchase or control transaction. 
There arises the problem of transmitting the informa- 
tion related to the transaction to a central system in 

35 a manner as easy and reliable as possible. In addi- 
tion, at the receiving end it is necessary to be able 
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to verify an absolute correctness of the information 
received and to establish the identity of the sender. 

At present, the problem is how to address a 
service party' s service apparatus and a given service 
5 produced by it. A further problem is how to implement 
the communication associated with the. service transac- 
tion and its routing in a secure manner between the 
parties to the service transaction. 

The object of the present invention is to 
10 eliminate the drawbacks referred to above or at least 
to significantly alleviate them. 

A specific object of the invention is to dis- 
close a new type of method and system for addressing a 
service apparatus and a given service associated with 
15 it by using a telecommunication terminal, preferably a 
mobile station. Furthermore, by applying the present 
invention, a service request can be safely routed to a 
service provider. The present invention provides a so- 
lution for global transmission of remittances from a 
20 telecommunication terminal to a payee. 

As for the features characteristic of the 
present invention, reference is made to the claims. 

BRIEF DESCRIPTION OF THE INVENTION 

25 The method of the present invention concerns 

the routing of information and secure addressing of a 
service and the parties to a service in a telecommuni- 
cation system. The system comprises a telecommunica- 
tion terminal, telecommunication network, a service 

30 provider connected to the telecommunication network 
and a service apparatus connected to the telecommuni- 
cation network. In addition, the system comprises a 
communication link provided between the telecommunica- 
tion terminal and the service apparatus. 

35 in the method of the present invention, the 

telecommunication terminal functions as a selector of 
a desired service. The telecommunication terminal, 
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preferably a mobile station, is connected to the serv- 
ice apparatus via the communication link. The communi- 
cation link may be implemented using Bluetooth tech- 
nology as described above. This communication link 
permits the application of required encryption methods 
to prevent the information transmitted from getting in 
a useful form into the hands of outsiders. If e.g. 
Bluetooth technology is employed in the communication 
link, the connection is assigned during connection 
setup a one-time identifier for associating the inter- 
communicating parties with each other. Alternatively, 
the communication link may consist of e.g. an infrared 
link. The information to be transmitted can be en- 
crypted by means of the telecommunication terminal, 
15 which preferably is a mobile station. In this case, 
the actual encryption of the information transmitted 
is performed e.g. by means of a' subscriber identity 
module. The subscriber identity module contains the 
keys required for encryption and/or signature of the 
30 2 0 information. 

The service apparatus receives the encrypted 
message from the telecommunication terminal. Part of 
the message may consist of a service provider's net- 
work address determined by the terminal. The network 
25 address may also be determined in the service appara- 
tus when it is known which service is meant. Based on 
the network address, the message is transmitted to the 
service provider. The network address is preferably an 
Internet IP address (IP, Internet Protocol) . The IP 
address does not actually define the receiving ma- 
chine; rather, it defines the connection interface un- 
ambiguously in the whole world. It was stated above 
that the telecommunication network is the Internet. 
However, this is only one example of possible imple- 
35 mentations. The telecommunication network may alterna- 
tively be e.g. a bank payment network. 
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In the method, the telecommunication terminal 
and/or the service apparatus and/or the service pro- 
vided by it is assigned an unambiguous identifier. 
This identifier may be associated with predetermined 
5 encryption and/or signing keys. For the encryption of 
information, the information received from the tele- 
communication terminal is encrypted and/or signed us- 
ing the keys associated with the service apparatus 
and/or service-specific unambiguous identifier, and 
10 the encrypted and/or signed information is sent over 
the telecommunication network to the service provider 
to a network address determined by the telecommunica- 
tion terminal or service apparatus. When the service 
provider receives the encrypted message, the keys 
15 needed for its decryption can be determined on the ba- 
25 sis of the identifier forming part of the message. In 

practice, the implementation may be such that the 
service provider and/or service apparatus communicates 
with a trusted third party (TTP) e.g. via the telecom- 
30 2 o munication network. The trusted third party maintains 

a database containing the encryption and/or signing 
keys associated with each identifier. 

From the trusted third party, the Bervice 
provider receives information regarding the keys asso- 
ciated with a given identifier, preferably a public 
encryption and signing key. The service apparatus, 
too, may communicate with the trusted third party. 
When the encryption and signature of the message are 
implemented using a public key method, the authentic- 
ity of the message can be reliably verified. On the 
basis of the identifier, the service apparatus and/or 
service that the identifier itself is associated with 
can be determined. The service apparatus may be e.g 
cash machine, a cash system, a computer or an auto- 
35 mated service machine. 

The encryption of incoming and outgoing mes- 
sages and the management of the keys, preferably pub- 
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15 



lie and secret keys, associated with the messages may 
be implemented using a specific security module. By 
using such a security module, it is possible to add 
the use of encryption and message authentication even 
5 to equipment in which this feature is originally ab- 
sent . 

The selected service may comprise response 
and/or control information from the service provider 
to the service apparatus and/or telecommunication ter- 
10 minal. The service apparatus can be controlled on the 
basis of a response sent by the service provider. 
Moreover, information about the progress of the serv- 
ice can be sent to the terminal. An example of this is 
a case where a telecommunication terminal is used e.g. 
as a means of payment. A service request is sent from 
the terminal to the service provider and the service 
provider informs the terminal about success or failure 
of the service. Payment arrangements may additionally 
comprise a feature requiring that the payment transac- 
tion be separately confirmed. Confirmation is accom- 
plished e.g. by having the telecommunication terminal 
send a service-specific confirmation code in a sepa- 
rate message to the service provider. Separate message 
here means e.g. an encrypted SMS message (SMS, Short 
25 Message Service). Having interpreted the SMS message 
received, the service provider sends to the service 
apparatus a permission to carry out the service. 

An example of the protocol to be used between 
the telecommunication terminal and the service pro- 
vider is the WAP (Wireless Application Protocol) . The 
WAP protocol defines a standard for applications pro- 
viding services to terminals in a wireless network. 
Using the WAP protocol, it is possible e.g. to estab- 
lish a telephone connection to a WWW server. In addi- 
35 tion, e.g. the WML language (Wireless Markup Lan- 
guage), which is the description language of the WAP 
protocol, is used in conjunction with a WAP implemen- 
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tation. WML is a description language resembling the 
HTML language (HTML, HyperText Markup Language), 
adapted for a wireless environment. 

The system of the present invention comprises 
means for providing a telecommunication terminal with 
an unambiguous terminal -specific identifier, means for 
addressing a given service apparatus by means of a 
telecommunication terminal by sending from the tele- 
communication terminal a predetermined connection 
setup request to the given service apparatus, means 
for providing the service apparatus and/or the service 
mediated by it with an unambiguous service-specific 
identifier, said identifier being associated with pre- 
determined encryption and/or signing keys, and means 
15 for sending the service provider's network address and 
25 other information relating to the selected service 

from the telecommunication terminal to the service ap- 
paratus via a communication link. 

The system further comprises means for ad- 
30 20 dressing a given service apparatus by means of a tele- 

communication terminal by sending from the telecommu- 
nication terminal a predetermined connection setup re- 
quest to a given service apparatus via a communication 
link. In addition, the system comprises means for en- 
25 crypting and/or signing the information received from 
the telecommunication terminal using keys associated 
with the service-specific and/or service apparatus- 
specific identifier and means for sending encrypted 
and/or signed information via the telecommunication 
3 0 network to the service provider to a network address 
determined by the telecommunication terminal and/or 
45 service apparatus. 

The system of the present invention comprises 
means for controlling the service apparatus on the ba- 
35 sis of information sent by the service provider and 
means for sending confirmation and/or other informa- 
tion from the service provider to the service appara- 
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tus and/or to the telecommunication terminal. The sys- 
tem further comprises means for sending a message con- 
firming the service transaction from the telecommuni- 
cation terminal to the service provider if a predeter- 
5 mined condition is fulfilled and means for accepting 
the required service request only when the service ap- 
paratus receives from the service provider. a confirma- 
tion code confirming the service transaction. In addi- 
tion, the system comprises means for encrypting the 

10 communication. 

The system of the present invention comprises 
a trusted third party which communicates with the 
service apparatus and/or service provider over the 
telecommunication network. Further, the service pro- 
vider and/or service apparatus comprises means for 
sending to the trusted third party an inquiry regard- 
ing the encryption and/or signing keys associated with 
each unambiguous identifier. 

The present invention has many advantages. By 
applying the invention, it is possible to address a 
given service apparatus associated with a service, a 
given service mediated by it and a given telecommuni- 
cation terminal. Furthermore, the invention makes it 
possible to individuate the service provider associ- 
ated with a selected service and to send to the serv- 
ice provider encrypted information relating to the 
service. For the user, a significant advantage is the 
low cost of the services. As the method does not nec- 
essarily require the setup of a connection chargeable 
by the operator, the cost of the service to the user 
is low. An additional reason for the low cost is that 
45 the communication between the service apparatus and 

the service provider takes place in an existing data 
network, e.g. the Internet. 

35 

50 LIST OF ILLUSTRATIONS 

In the following, the invention will be de- 
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scribed in detail by the aid of a few examples of its 
embodiments , wherein 

Fig. 1 presents a preferred system according 

to the invention, and 

Fig. 2 presents a flow diagram representing 
the operation of a preferred example -of the system of 
the present invention. 



DETAILED DESCRIPTION OF THE INVENTION 

10 A system as presented in Fig. 1 comprises a 

telecommunication terminal, a service apparatus 4 and 
20 a gervice provider SP. The telecommunication terminal 

1 is connected via a communication link 5 to the serv- 
ice apparatus 4. The telecommunication terminal 1 is 
15 preferably a mobile station. The communication link 5 
25 * may be e.g. a connection based on Bluetooth technol- 

ogy. The service apparatus 4 and the service provider 
SP are connected to a telecommunication network 2. The 
telecommunication network 2 is preferably the global 
30 20 internet network. Alternatively, the telecommunication 

network 2 may be e.g. a bank payment network. Use of 
the internet has the advantage that the network covers 
a very large area and that the devices attached to it 
35 can be unambiguously identified. 

25 T he receiver of a service request is indi- 

cated using a network address which is set by means of 
the telecommunication terminal 1 or the service appa- 
ratus 4; in this example , the addre s s is an IP ad- 

3rei a. By virt ue"^ the IP address, the receiver"of- 

30 the service request being sent is unambiguously de- 
fined. 

The service provider SP identifies the send- 
ing service apparatus 4 by a globally unambiguous 
identifier included in the message. The identifier in- 
dividuates the message decryption keys associated with 
the identifier. In addition, based on the identifier, 
the service provider SP is able to send the service 
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apparatus 4 a response to the service request if nec- 
essary. For each service apparatus -specific identi- 
fier, the service provider SP knows an unambiguous 
network address. 
5 The telecommunication terminal 1 comprises 

means 6 for providing it with a terminal -specific un- 
ambiguous identifier and means 7 for addressing a 
given service apparatus by sending from the terminal 1 
a predetermined connection setup request to the serv- 
10 ice apparatus 4. Using means 9, the service provider's 
network address and/or other information relating to 
the service is sent to the service apparatus 4 via the 
communication link 5. Using means 10, a given service 
apparatus 4 is addressed via the communication link 5. 
15 Moreover, the telecommunication terminal 1 comprises 
means 15 for sending a confirmation message confirming 
the service transaction to the service provider SP. 
Using means 17 , the communication 5 can be encrypted. 

The service apparatus 4 comprises means 8 for 
20 providing the service apparatus and/or the service me- 
diated by it with an unambiguous identifier, said 
identifier being associated with predetermined encryp- 
tion and/or signing keys. Using means 11, the informa- 
tion received from the telecommunication terminal 1 is 
25 encrypted using the keys associated with the service- 
specific and/or service apparatus -specific identifier. 
Further, using means 12, the encrypted information is 
sent via the telecommunication network 2 to the serv- 
ice provider. The service apparatus 4 additionally 
30 comprises means 13 for controlling the service appara- 
tus 4 on the basis of information sent by the service 
provider SP. Using means 16, the required service is 
only accepted when the service apparatus 4 receives 
from the service provider SP a confirmation code for 
35 the service transaction. 

The service provider SP comprises means 14 
for sending confirmation and/or other information to 
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the service apparatus 4 and/or to the telecommunica- 
tion terminal 1. Using means 18, a query asking for 
the encryption and/or signing keys associated with 
each unambiguous identifier is sent to a trusted third 
5 party. 

Fig. 2 presents a preferred example of a flow 
diagram showing the steps comprised in a Bervice ac- 
cording to the invention. The client establishes a 
communication connection to a service apparatus of his 

10 selection, block 20. The communication connection be- 
tween the terminal and the service apparatus is estab- 
lished e.g. via a Bluetooth link. As indicated in 
block 21, the client selects a desired service and the 
associated parameters by means of his terminal. The 

15 service is e.g. payment of a bill at the cash desk of 
a store. A service request is sent via the communica- 
tion link to the service apparatus, block 22. A commu- 
nication connection using Bluetooth technology in- 
cludes encryption of the communication. After all the 

2 0 information required for the service has been received 
from the telecommunication terminal, the operations 
required by the service itself are carried out, block 
23. 

For the service apparatus and/or the service 
25 produced by it, an unambiguous identifier linking a 
given service apparatus and the associated encryption 
keys together has been defined beforehand. Based on 
this identifier, the service provider knows where the 
message received comes from. The telecommunication 
30 terminal or the service apparatus adds the required 
network address to the message to be sent. The service 
apparatus encrypts the message and sends it to the 
service provider over a telecommunication network. In 
this example, the telecommunication network is a bank 
35 payment network. 

Using the decryption keys associated with the 
identifier, the service provider decrypts the received 
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message. To ensure an effective management of the 
keys, the database consisting of the identifiers and 
the associated decryption keys is maintained e.g. by a 
trusted third party. If the service request concerns a 
5 payment at a cash desk as in the above example, then 
in this case the service provider may be a bank. De- 
pending on the service, a decision is made whether a 
confirmation of execution of the service is to be sent 
or not, block 24. The service provider may send to the 

10 service apparatus or telecommunication terminal an en- 
crypted response to the service request, blocks 26 and 
27. The service may also be of a nature that requires 
no response, block 25. The service provider encrypts 
the message with his own secret signing key and fi- 

15 nally encrypts the entire message using a public en- 
cryption key associated with the service apparatus. 
The service apparatus has the required decryption keys 
for the deciphering of the message. As indicated in 
block 29, a confirmation for the execution of the 

20 service transaction can also be sent to the telecommu- 
nication terminal. According to the above description, 
the message sent may consist of information indicating 
that the bill was successfully paid. A confirmation of 
execution of the service need not necessarily be sent 

25 to the telecommunication terminal, block 28. 

In an embodiment as illustrated in Fig. 1, 
the service in question is a cash service. Each cash 
register terminal in the store is provided with commu- 
nication equipment consistent with the Bluetooth tech- 

30 nology. Further, the terminal equipment of the client 
using the cash service has the readiness for Bluetooth 
communication. In this example, the client's terminal 
is a mobile station. The client wants to pay for his 
shopping by using a Bluetooth interface. Since the 

3 5 maximum range of a Bluetooth connection varies from 
ten meters to a few tens of meters depending on the 
case, there may be several cash register terminals 
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within that area which are capable of receiving radio 
signals. Therefore, the client needs to individuate 
the cash register terminal with which a connection is 
to be established. The Bluetooth technology includes 

5 encryption of radio communication, so information can 
be securely transferred via the wireless link. The mo- 
bile station individuates the selected cash register 
terminal e.g. by sending a signal containing the num- 
ber of the cash register terminal. The connection is 

0 assigned a temporary identifier by which the communi- 
cating parties identify each other. Alternatively, the 
mobile station contains e.g. an electronic component 
which is identified by the cash register terminal when 
the mobile station is moved at a sufficiently short 

5 distance from the cash register terminal. 

Via the Bluetooth link, the cash register 
terminal sends the information it has received about 
the service to the service provider. The service pro- 
vider in this example is a bank. The service informa- 

0 tion includes e.g. the account to be charged, service 
provider address data, the sum to be charged and other 
possible information relevant to the particular serv- 
ice. The service provider is individuated by means of 
a given predetermined network address. This address is 

5 included in the information provided in the mobile 
station prior to the service transaction. Alterna- 
tively, the network address may be determined by the 
cash register terminal. The information transmitted 
between the cash register terminal and the service 

0 provider is encrypted to prevent misuse. The informa- 
tion is encrypted using encryption keys specific to 
the service apparatus and/or service. The service pro- 
vider possesses the keys required for the decryption 
of the information transmitted. 

5 The user of the service has to confirm the 

service request if the amount to be paid exceeds a 
certain limit, e.g. $ 50. For the confirmation, the 
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service provider sends via the cash register terminal 
to the mobile station a confirmation reference, which 
the mobile station has to return to the service pro- 
vider e.g. in an SMS message. The user includes the 

5 confirmation code in the message, encrypts and/or 
signs the message and sends the encrypted message to 
the service provider. The service provider decrypts 
the message and thus verifies the identity of the user 
and interprets the information contained in the mes- 

0 sage. The service provider sends the user a message 
indicating successful remittance of the payment e.g. 
over the Bluetooth link via the cash register termi- 
nal . 

In an embodiment as illustrated in Fig. 1, 

5 the method of the invention is applied in an automatic 
gas station in conjunction with refueling. The client 
wants to fill the fuel tank of a company car. The com- 
pany car has been fitted with a Bluetooth communica- 
tion device. When the car arrives at the filling 

0 place, the communication device sets up a radio con- 
nection with the automatic filling machine. The commu- 
nication device in the car contains information in- 
cluding the account of the company, the network ad- 
dress of the service provider (bank) and other possi- 

5 ble information. The client confirms the payment 
transaction using a predetermined identifier. This en- 
sures that a person illicitly using the car will not 
be able to refuel the car on the company's account. 
The communication between the automatic filling ma- 

0 chine and the service provider is encrypted using an 
encryption key associated with the filling machine. 
The service provider transmits a response message to 
the filling machine, which sends it further to the 
communication device in the client's company car. 

5 The invention is not restricted to the exam- 

ples of its embodiments described above; instead, many 
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variations are possible within the scope of the inven- 
tive idea defined in the claims. 
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5 " 
CLAIMS 

1. Method for secure routing of information 
and addressing of a service and the parties to the 

10 

service in a telecommunication system comprising 
5 a telecommunication terminal (1) , 

a telecommunication network (2), 

a service provider (SP) connected to the telecom- 
15 munication network (2) , 

a service apparatus (4) connected to the telecom- 
10 munication network (2) , 

a communication link (5) provided between the 
telecommunication terminal (1) and the service appara- 
tus (4), 

characterized in that the method 
15 comprises the steps of: 

providing the telecommunication terminal (1) with 
a terminal -specific unambiguous identifier; 

addressing a given service apparatus (4) by means 
of the telecommunication terminal (1) by sending a 
20 predetermined connection setup request from the termi- 
nal (1) to the given service apparatus (4) ; 

providing the service apparatus (4) and/or the 
service mediated by it with a service-specific unambi- 
guous identifier, said identifier being associated 
25 with predetermined encryption and/or signing keys; and 
sending the service provider's (SP) network ad- 
dress and/or other information relating to the se- 
lected service from the telecommunication terminal (1) 
40 to the service apparatus (4) via the communication 

30 link (5) . 

2. Method as defined in claim 1, char- 
acterized in that the given service apparatus 

45 (4) is addressed by means of the telecommunication 

terminal (1) by sending from the telecommunication 
35 terminal (1) a predetermined connection setup request 
to the given service apparatus (4) via the communica- 

50 tion link (5) . 
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3. Method as defined in claim 1 or 2, 
characterized in that 

the information received from the telecommunica- 
tion terminal (1) is encrypted and/or signed by using 
5 the keys associated with the service-specific and/or 
service apparatus -specific identifier;, and 

the encrypted and/or signed information is sent 
over the telecommunication network (2) to the service 
provider (SP) to an address determined by the telecom- 
10 munication terminal (1). 

4. Method as defined in any one of the pre- 
ceding claims 1 - 3, characterized in that 
the service apparatus (4) is controlled on the basis 
of information sent by the service provider (SP) . 

15 5. Method as defined in any one of the pre- 

ceding claims 1 - 4, characterized in that 
confirmation and/or other information is sent from the 
service provider (SP) to the service apparatus (4) 
and/or to the telecommunication terminal (1) . 

20 6. Method as defined in any one of the pre- 

ceding claims 1 - 5, characterized in that 
a message confirming the service transaction is sent 
by the telecommunication terminal (1) to the service 
provider (SP) if a predetermined condition is ful- 

25 filled. 

7. Method as defined in any one of the pre- 
ceding claims 1 - 6, characterized in that 
a message confirming the service transaction is sent 
by the telecommunication terminal (1) to the service 

30 provider (SP) in the form of an SMS message. 

8. Method as defined in any one of the pre- 
ceding claims 1 - 7 , characterized in that 
the service request is only accepted after the service 
apparatus (4) has received from the service provider 

3 5 (SP) a confirmation code for the service transaction. 

9. Method as defined in any one of the pre- 
ceding claims 1 - 8, characterized in that 
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the communication connection (5) ie a link based on 
Bluetooth technology. 

10. Method as defined in any one of the pre- 
ceding claims 1 - 9, characterized in that 

5 the communication connection (5) is an infrared link. 

11. Method as defined in any. one of the pre- 
ceding claims 1-10, characterized in that 
the communication connection (5) is encrypted. 

12. Method as defined in any one of the pre- 
10 ceding claims 1 - 11, characterized in that 

a public key and/or private key encryption and/or 
signing method is applied. 

13. Method as defined in any one of the pre- 
ceding claims 1 - 12, characterized in that 

15 the WAP is used between the telecommunication terminal 
(1) and the service apparatus (4) and/or the service 
provider (SP) . 

14. Method as defined in any one of the pre- 
ceding claims 1 - 13, characterized in that 

20 the service provider communicates with a trusted third 
party, which third party maintains a database which 
containing the encryption and/or signing keys associ- 
ated with each identifier. 

15. Method as defined in any one of the pre- 
25 ceding claims 1 - 14, characterized in that 

the service provider (SP) and/or the service apparatus 
(4) sends to the trusted third party an inquiry asking 
for the encryption and/or signing keys associated with 
each unambiguous identifier. 
30 16. Method as defined in any one of the pre- 

ceding claims 1 - 15, characterized in that 
the network address is an IP address. 

17. System for secure routing of information 
and addressing of a service and the parties to the 
35 service in a telecommunication system comprising 
a telecommunication terminal (1) , 
a telecommunication network (2) , 
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a service provider (SP) connected to the telecom- 
munication network (2), 

a service apparatus (4) connected to the telecom- 
munication network (2), 
5 a communication link (5) provided between the 

telecommunication terminal (1) and the service appara- 
tus (4) , 

characterized in that the system 
comprises : 

10 means (6) for providing the telecommunication ter- 

minal (1) with a terminal -specific unambiguous identi- 
fier; 

means (7) for addressing a given service apparatus 
(4) by means of the telecommunication terminal (1) by 
15 sending a predetermined connection setup request from 
the terminal (1) to the given service apparatus (4) ; 

means (8) for providing the service apparatus (4) 
and/or the service mediated by it with a service- 
specific unambiguous identifier, said identifier being 
20 associated with predetermined encryption and/or sign- 
ing keys; and 

means (9) for sending the service provider's (5) 
network address and/or other information relating to 
the selected service from the telecommunication termi- 
25 nal (1) to the service apparatus (4) via the communi- 
cation link (5) . 

18. System as defined in claim 17, char- 
acterized in that the system comprises means 
(10) for addressing a given service apparatus (4) us- 

3 0 ing the telecommunication terminal (1) by sending from 
the telecommunication terminal (1) a predetermined 
connection setup request to the given service appara- 
tus (4) via the communication link (5) . 

19. System as defined in claim 17 or 18, 
35 characterized in that the system comprises 

means (11) for encrypting and/or signing the in- 
formation received from the telecommunication terminal 
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(1) using the keys associated with the -service- 
specific and/or service apparatus -specific identifier; 
and 

means (12) for sending the encrypted and/or signed 
5 information over the telecommunication network (2) to 
the service provider (SP) to a network address deter- 
mined by the telecommunication terminal (1) and/or the 
service apparatus (4) . 

20. System as defined in any one of the pre- 
10 ceding claims 17 - 19, characterized in 

that the system comprises means (13) for controlling 
the service apparatus (4) on the basis of information 
sent by the service provider (SP) . 

21. System as defined in any one of the pre- 
15 ceding claims 17 - 20, characterized in 

that the system comprises means (14) for sending con- 
firmation and/or other information from the service 
provider (SP) to the service apparatus (4) and/or to 
the telecommunication terminal (1) . 

20 22. System as defined in any one of the pre- 

ceding claims 17 - 21, characterized in 
that the system comprises means (15) for sending a 
message confirming the service transaction from the 
telecommunication terminal (1) to the service provider 

25 (SP) if a predetermined condition is fulfilled. 

23 . System as defined in any one of the pre- 
ceding claims 17 - 22, characterized in 
that the system comprises means (16) for only accept- 
ing a service request after the service apparatus (4) 

30 has received from the service provider (SP) a confir- 
mation code for the service transaction. 

24. System as defined in any one of the pre- 
ceding claims 17 - 23, characterized in 
that the system comprises means (17) for encrypting 

35 the communication connection (5) . 

25. System as defined in any one of the pre- 
ceding claims 17 - 24, characterized in 
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that the system comprises a trusted third party which 
communicates with the service apparatus (4) and/or the 
service provider (SP) over the telecommunication net- 
work (2) . 

5 26. System as defined in any one of the pre- 

ceding claims 17 - 25, characterized in 
that the service provider (SP) and/or the service ap- 
paratus (4) comprises means (18) for sending to the 
trusted third party an inquiry asking for the encryp- 
10 tion and/or signing keys associated with each unambi- 
guous identifier. 

27. System as defined in any one of the pre- 
ceding claims 17 - 26, characterized in 
that the telecommunication terminal (1) is a mobile 

15 station with a subscriber identity module connected to 
it. 

28. System as defined in any one of the pre- 
ceding claims 17 - 27, characterized in 
that the service apparatus (4) is an automatic teller 

20 machine. 

29. System as defined in any one of the pre- 
ceding claims 17 - 27, characterized in 
that the service apparatus (4) is a cash register sys- 
tem. 

25 30. System as defined in any one of the pre- 

ceding claims 17 - 27, characterized in 
that the service apparatus (4) is a computer. 

31. System as defined in any one of the pre- 
ceding claims 17 - 27, characterized in 

30 that the service apparatus (4) is an automated service 
machine, e.g. an automatic gasoline filling machine. 

32. System as defined in any one of the pre- 
ceding claims 17 - 31, characterized in 
that the telecommunication network (2) is the Internet 

35 network. 

33. System as defined in any one of the pre- 
ceding claims 17 - 31, characterized in 
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that the telecommunication network (2) is a bank pay- 
ment network. 
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